> On 23.03.2021 at 10:23, Oleg Nenashev <[email protected]> wrote:
>
> Hi all,
>
> The Jenkins trademark is now transferred to the CDF, and Software in Public Interest has officially removed the Jenkins project from its listing of the projects. It means that the transition is [almost] over.
>
> One remaining thing is Contributor and Company License agreements. We use this CLA process only for contributors with advanced permissions (like Jenkins core merge, access to the infrastructure, security team membership, etc.). Our current process (https://github.com/jenkinsci/infra-cla) is quite tedious, and it would be great to replace it by EasyCLA provided by the Linux Foundation: https://easycla.lfx.linuxfoundation.org/#/ . It would allow to automate signing and storage of the contributor license agreements, and it would be a big relief for the Jenkins Governance Board.
>
> I propose to:
> - Move the CLA process to https://easycla.lfx.linuxfoundation.org/#/
> - Update individual and company CLAs to use "Linux Foundation" instead of CLA. For example, Tekton CLAs <https://github.com/cdfoundation/cla/tree/master/projects/tekton> are equal to the Jenkins ones except the header. We could follow the same approach if the LF/CDF Legal team does not have specific requirements.
> - File the new process as a JEP which would deprecate the current process.

+1

> Open questions for a discussion:
> - Do we want current CLA signees (individuals and companies) to re-sign the CLAs on EasyCLA? I am not a lawyer, but I suspect the answer would be "yes". There is only a limited number of contributors who would need to re-sign that. I believe this is doable, and it is also a good opportunity to revise permissions of inactive contributors.

I think that makes sense and should not be a complicated process for the small number of people.

> - Do we want to have a separate CLA for sensitive areas like Jenkins Security Team membership? The current CLA is focused only on granting license/patent to protect the project, but there are no non-disclosure statements, which might be important for unreleased security fixes.
> - Do we want to change the policy and to require all contributors to sign CLA? It might be reasonable for the Jenkins core components, with assumption that we have an easy process and bots assisting with verification. I am not a huge fan of that, but this is how many projects operate.

I don’t think that we should go this way. Kohsuke always tried to keep the barrier for contributions very low and I think we should continue this way. I think that we would not have so many plugins (or PRs for plugins) if we make the contribution process more complex.
